-
Notifications
You must be signed in to change notification settings - Fork 0
/
step.yml
108 lines (98 loc) · 3.9 KB
/
step.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
title: |-
Test with Snyk
summary: |
Bitrise Snyk Step incorporates Snyk into your Bitrise workflows
description: |
Bitrise Snyk Step incorporates Snyk into your Bitrise workflows.
By utilizing this step, you will be able to test your project dependencies for vulnerabilities during builds and use Snyk to monitor your projects
for new vulnerabilities.
This step uses Snyk as an external service and requires your authentication token.
website: https://github.com/pilvikala/bitrise-step-snyk
source_code_url: https://github.com/pilvikala/bitrise-step-snyk
support_url: https://github.com/pilvikala/bitrise-step-snyk/issues
project_type_tags:
- android
- ios
- react-native
type_tags:
- utility
toolkit:
bash:
entry_file: step.sh
inputs:
- auth_token: $SNYK_AUTH_TOKEN
opts:
title: "Auth Token"
summary: "Snyk Authentication Token"
description: |
Your Snyk authentication token (see https://app.snyk.io/account).
is_required: true
is_sensitive: true
is_expand: true
- command: test
opts:
title: "Command"
summary: "Snyk CLI command to run"
description: |
This is the CLI command to run with Snyk.
Default value: `test`
is_required: false
- severity_threshold: low
opts:
title: "Severity threshold"
summary: "Only report vulnerabilities of the provided level or higher."
description: |
Only report vulnerabilities of the provided level or higher (low/medium/high/critical).
Default is low.
value_options:
- "low"
- "medium"
- "high"
- "critical"
- fail_on_issues: "yes"
opts:
title: "Fail on issues"
summary: "Specifies whether to fail the build or not based on the results found by Snyk."
description: |
Specifies whether to fail the build or not based on the results found by Snyk.
Snyk by default returns an error code from the test command. This may break your Bitrise workflow. By specifying `no`, the build can continue even if vulnerabilities are found.
value_options:
- "yes"
- "no"
- create_report: "no"
opts:
title: "Create HTML Report"
summary: "Specifies whether to create an HTML report"
description: |
Specifies whether to create an HTML report.
If set to `yes`, an HTML report will be created and available as a build artifact
value_options:
- "yes"
- "no"
- monitor: "no"
opts:
title: "Monitor (import to Snyk)"
summary: "If enabled, imports the snapshot of dependencies to Snyk for continuous monitoring after a successful test."
description: |
If enabled, imports the snapshot of dependencies to Snyk for continuous monitoring after a successful test.
Set this value to `yes` to import the snapshot of dependencies to Snyk after a successful test. Snyk will then start monitoring the dependencies for new vulnerabilities and alert when a new vulnerability is discovered.
value_options:
- "no"
- "yes"
- target_file:
opts:
title: "Target file"
summary: "The path to the manifest file to be used by Snyk. Should be provided if non-standard."
description: "The path to the manifest file to be used by Snyk. Should be provided if non-standard."
- organization:
opts:
title: "Organization"
summary: "Name of the Snyk organisation name, under which this project should be tested and monitored."
description: |
Name of the Snyk organisation name, under which this project should be tested and monitored.
If omitted the default organization will be used.
- additional_arguments:
opts:
title: "Additional arguments"
summary: "Refer to the Snyk CLI help page for information on additional arguments."
description: "Refer to the Snyk CLI help page for information on additional arguments."